Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-10528

Опубликовано: 16 сент. 2025
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to undefined behavior, invalid pointer in the Graphics.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10rhel10/firefox-flatpakAffected
Red Hat Enterprise Linux 10rhel10/thunderbird-flatpakAffected
Red Hat Enterprise Linux 6firefoxOut of support scope
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7thunderbirdOut of support scope
Red Hat Enterprise Linux 10firefoxFixedRHSA-2025:1610917.09.2025
Red Hat Enterprise Linux 10thunderbirdFixedRHSA-2025:1615718.09.2025
Red Hat Enterprise Linux 7 Extended Lifecycle SupportfirefoxFixedRHSA-2025:1745307.10.2025
Red Hat Enterprise Linux 8firefoxFixedRHSA-2025:1626022.09.2025
Red Hat Enterprise Linux 8thunderbirdFixedRHSA-2025:1658924.09.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-824
https://bugzilla.redhat.com/show_bug.cgi?id=2395755firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component

EPSS

Процентиль: 24%
0.00079
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-10528

CVSS3: 7.3
ubuntu
7 месяцев назад

Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

nvd логотип

CVE-2025-10528

CVSS3: 7.3
nvd
7 месяцев назад

Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

debian логотип

CVE-2025-10528

CVSS3: 7.3
debian
7 месяцев назад

Sandbox escape due to undefined behavior, invalid pointer in the Graph ...

github логотип

GHSA-5qj7-cv36-4gxh

CVSS3: 7.3
github
7 месяцев назад

This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.

fstec логотип

BDU:2025-11383

CVSS3: 7.3
fstec
7 месяцев назад

Уязвимость компонента Graphics: Canvas2D браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 24%
0.00079
Низкий

7.5 High

CVSS3